WTF *Nix

Just another *nix Blog

Archive for the ‘apache’ Category

Bahhhh Web Servers and Firewalls…

Dec-10-2009 By WTF *Nix

Going to break these down into parts for each of you to understand if you are new in this area… I know for a fact there are some gurus out there that may read this and say something along the lines of… “What a waste of time…” Well, this isn’t for you, ole Mighty Gurus :P

So lets start with…

Web and FTP Servers

Every network that has an internet connection is at risk of being compromised. While there are several steps that you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic, and restrict outgoing traffic.

However, some services such as web or FTP servers require incoming connections. If you require these services you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (demilitarized zone). Ideally all servers in the DMZ will be stand-alone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ then you should acquire a dedicated machine, and the golden rule is to keep the backup solution separate from the LAN backup solution.

The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ: traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN would be treated totally separately from traffic between your DMZ and the Internet. Incoming traffic from the internet would be routed directly to your DMZ.

Then if any hacker were to compromise a machine within the DMZ, then the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.

In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services (SSH, RDC, etc.) or VNC.

Database servers

If your web servers require access to a database server, then you will need to consider where to place your database. The most secure place to locate a database server is to create yet another physically separate network called the “secure zone,” and to place the database server there!!! Not in the UNSECURED ZONE!

The “secure zone” is also a physically separate network connected directly to the firewall. The secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and from the LAN, if required).

Exceptions to the rule

The dilemma faced by network engineers (monkeys) is where to put the email server. It requires an SMTP connection to the internet, yet it also requires domain access from the LAN. If you were to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. In my opinion, the only place you can put an email server is on the LAN, and allow SMTP traffic into this server. However, I would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution. (Briefly, the reason for the VPN solution is to have the firewall handle the VPN connections. LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is NEVER good practice.)
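To make the zone layout above concrete, here is an added example (not code from this post) that encodes the same rules as a default-deny policy and checks sample connections against it: internet traffic terminates in the DMZ, LAN-to-DMZ traffic is limited to FTP and SSH, only the DMZ web server may open the database connection into the secure zone, and the one exception is SMTP from the internet into the mail server kept on the LAN. The subnets, host addresses and port numbers are constructed assumptions; a real firewall would carry the same policy in its own rule syntax.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed subnets for the three physically separate networks off the firewall.
ZONES = {
    "LAN": ip_network("192.168.0.0/24"),
    "DMZ": ip_network("10.10.10.0/24"),
    "SECURE": ip_network("10.10.20.0/24"),
}
WEB_SERVER = ip_address("10.10.10.5")     # assumed web server in the DMZ
DB_SERVER = ip_address("10.10.20.5")      # assumed database server in the secure zone
MAIL_SERVER = ip_address("192.168.0.25")  # assumed mail server kept on the LAN


class Flow(NamedTuple):
    src: str    # source IP of a new connection
    dst: str    # destination IP
    dport: int  # destination TCP port


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the known subnets is the internet."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "INTERNET"


# Each rule: (source zone, destination zone, allowed destination ports, extra condition).
# Anything not matched by a rule is denied, so every zone is closed by default.
RULES = [
    # Internet reaches only the DMZ, and only the published web/FTP services.
    ("INTERNET", "DMZ", {21, 80, 443}, None),
    # LAN <-> DMZ kept to a minimum: FTP for content, SSH for remote management.
    ("LAN", "DMZ", {21, 22}, None),
    # Only the DMZ web server may open the database connection into the secure zone.
    ("DMZ", "SECURE", {3306},
     lambda f: ip_address(f.src) == WEB_SERVER and ip_address(f.dst) == DB_SERVER),
    # LAN access to the database "if required"; still only to the database host.
    ("LAN", "SECURE", {3306}, lambda f: ip_address(f.dst) == DB_SERVER),
    # The exception to the rule: SMTP from the internet into the LAN mail server only.
    ("INTERNET", "LAN", {25}, lambda f: ip_address(f.dst) == MAIL_SERVER),
]


def decide(flow: Flow) -> str:
    """Return 'ALLOW' for the first matching rule, otherwise 'DENY' (default deny)."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    for s, d, ports, cond in RULES:
        if s == src_zone and d == dst_zone and flow.dport in ports:
            if cond is None or cond(flow):
                return "ALLOW"
    return "DENY"


# Constructed sample flows: new connections as the firewall would see them.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", "10.10.10.5", 443),    # internet -> DMZ web server: ALLOW
    Flow("203.0.113.7", "192.168.0.10", 445),  # internet -> LAN host: DENY
    Flow("10.10.10.5", "192.168.0.10", 445),   # compromised DMZ host -> LAN: DENY
    Flow("10.10.10.5", "10.10.20.5", 3306),    # web server -> database: ALLOW
    Flow("10.10.10.6", "10.10.20.5", 3306),    # other DMZ host -> database: DENY
    Flow("203.0.113.7", "192.168.0.25", 25),   # internet -> LAN mail server SMTP: ALLOW
    Flow("203.0.113.7", "192.168.0.25", 80),   # internet -> mail server HTTP: DENY
    Flow("203.0.113.7", "10.10.20.5", 3306),   # internet -> secure zone: DENY
]


def evaluate(flows=SAMPLE_FLOWS):
    """Return each sample flow paired with the policy verdict."""
    return [(f, decide(f)) for f in flows]


if __name__ == "__main__":
    for flow, verdict in evaluate():
        print(f"{zone_of(flow.src):8} {flow.src:>15} -> {zone_of(flow.dst):8} "
              f"{flow.dst:>15}:{flow.dport:<5} {verdict}")
```

The rules only describe new connections; a stateful firewall lets the replies back through on its own, so nothing here has to open a path from the DMZ back to the LAN. The point of the default-deny table is the third and fifth sample flows: a compromised DMZ host gets no rule into the LAN, and a DMZ host other than the web server gets no rule into the secure zone.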

I know this doesn’t cover EVERYTHING under the sun for security on web servers, however this is just a “brief” overview on why to secure and what to place where, from my own experience… So get secured, and if you have any questions, you know this blog is WIDE-OPEN for you to post up to seek help, and surely I don’t know EVERYTHING yet… I’ll damn sure try to find the answer for you regardless. =)

WTF get’r done!!!


ClientExec MAIN Tab Manual

May-8-2009 By WTF *Nix

Well, well, well, I guess it’s time to release yet another helping hand to the Newedge Community!!! WOOHOO they say? Heck no! I say WTF Get ‘r Done!

Here you have a release of a full-fledged “by the book” (HAHA NOT REALLY) manual by myself from the Newedge Community Forums, epctechno.

I would like you to know, I’m not wanting you to read this off my website; I have uploaded the PDF, which is 9.1+ MB BIG, in low compression in zip, tar.gz, .rar, and .7z here:

zip

tar.gz

rar

7z

You pick the format to download, it’s up to you. :)

Hope you enjoy this, and if you find it in your heart to donate, please do! Took some time putting all of this together in a two-day span.



Why zdnet readers are such asses

May-5-2009 By WTF *Nix

I for one don’t condone going on and bashing an Author, but I would love to point out: hey, why not post the remedy instead of just posting “hey, this is not a secure app, it’s vulnerable”? Well, here, take this for instance:

Five ‘must-secure’ Web app vulnerabilities

http://blogs.zdnet.com/security/?p=3268

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.

According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials. Here’s the top-five list from this past week:

1. Apache Geronimo Application Server

The free, open-source Apache Geronimo Application Server 2.1 through 2.1.3 is prone to multiple remote vulnerabilities.

  • Multiple directory traversal vulnerabilities (see advisory)
  • A cross-site scripting vulnerability (see advisory)
  • Multiple HTML-injection vulnerabilities
  • A cross-site request-forgery vulnerability (see advisory)

It’s important to note that attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions.

2. SAP cFolders

SAP cFolders is vulnerable to several cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.  Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

3. CS Whois Lookup

CS Whois Lookup is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input.  Successful attacks can compromise the affected software and possibly the computer.

An attacker can exploit this issue using a browser. The following example URI is available.

There are no patches available yet.  Contact CS Whois Lookup for information.

4. phpMyAdmin

There is a remote PHP code-injection vulnerability (PMASA-2009-4) affecting phpMyAdmin.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

This issue affects phpMyAdmin 3.x (prior to 3.1.3.2). Attackers can exploit this issue via a browser.  Patches are available.

5. Novell Teaming

A user-enumeration weakness and multiple cross-site scripting vulnerabilities expose users of Novell Teaming to a range of attack scenarios.

  • A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also possible.
  • The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

To exploit the cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI. The following example URI is available.

Novell Teaming 1.0.3 is vulnerable; other versions may also be affected.

As you see above, this guy that works for Kaspersky Lab, great Author and all, still it kind of makes you wonder who you have behind the scenes at these sorts of joints such as Norton, etc…

Well, if you read here, this was my answer:

RE: Five ‘must-secure’ Web app vulnerabilities
The number one golden rule of keeping your whole box secure for this is??? Don’t run it as a privileged user… that’s what useradd is good for.

To note, why post just on five ‘must-secure’ without posting how to secure them? It’s pointless for an end-reader that’s new to the world of securing their apps, so here, for example, is how to secure your phpMyAdmin. It’s simple and effective: add a couple of lines to its Apache module conf file:

order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.0.90

192.168.0.90 is a WS here that I’m at while writing this reply, and that and localhost to the server are the ONLY ones allowed to use phpMyAdmin; everyone else will be denied.

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

Normally, by default, when installing phpMyAdmin you create an Alias for how it should be called; well, I would make it more secure by changing the name as such:

Alias /fuhaX0rz /usr/share/phpMyAdmin

However, it’s totally up to you on what you want, but the first one of allowing access to the phpMyAdmin area via IP address is ample enough. :) Simple 1 minute fix, and any haX0r out there can try to run his bot day and night getting to this directory.

The rest is simple; a guy has to only go and use google.com to fix the rest. I’m not the author of the blog, but if you post something about security and how to secure the apps, I would highly recommend for the end-user (reader) to have a how-to to fix them… :)

Moral of it all is this: don’t post something then have bottom-lines saying “no patches are available”, “patches are available”, etc… I for one don’t care to see this kind of stuff; you just gave 50% away, now give the other 50% to the end-reader and they’ll keep coming back to you. Well, all the Authors at zdnet are great people, and one person, namely Paula, who is very extraordinary and a well-rounded creature, but you know it’s about the reader-base.

I for one would love to see Authors elaborate more, especially to the end-reader, on what to do to even beef up your security. Yes, we know this is not a PERFECT world and we will always have haX0rz, crackerz, keygenners, etc… I believe this is why you (as an Author) get such foul-mooded readers (humans) and hatemail. I don’t receive it unless it’s from the IRS or something.

t3h l337 |-|4×02 473 m4h 54|\||)vv1[|-|

So WTF Get ‘r done!
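The phpMyAdmin snippet in the reply above relies on Apache 2.2 “Order” semantics, which are easy to get backwards. The following is an added example, not code from the post or from Apache: a small evaluator of the documented 2.2 rules (Order deny,allow: Deny lines first, a denied client still gets in if an Allow also matches, default allow; Order allow,deny: an Allow must match first, then any matching Deny rejects, default deny), run against the reply’s own access block and against the same block with the order flipped. The client addresses are constructed; only `all`, single IPs and CIDR arguments are modelled.

```python
from ipaddress import ip_address, ip_network

# The reply's phpMyAdmin access block, copied here as sample input.
PHPMYADMIN_BLOCK = """
order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.0.90
"""

# Same lines with the order reversed: a common mistake that locks everyone out,
# because "deny from all" matches every client and with allow,deny any Deny wins.
FLIPPED_BLOCK = PHPMYADMIN_BLOCK.replace("order deny,allow", "order allow,deny")


def _matches(client: str, spec: str) -> bool:
    """Does one Allow/Deny argument match the client? Handles 'all', a single IP or a
    CIDR; hostnames and partial-IP prefixes such as '192.168' are not modelled."""
    if spec == "all":
        return True
    return ip_address(client) in ip_network(spec, strict=False)


def parse_access_block(text: str):
    """Return (order, allow_specs, deny_specs) from Order/Allow/Deny lines."""
    order = ("deny", "allow")  # Apache 2.2 default when no Order directive is given
    allow, deny = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, _, args = line.partition(" ")
        tokens = args.split()
        if tokens and tokens[0].lower() == "from":
            tokens = tokens[1:]
        d = directive.lower()
        if d == "order":
            order = tuple(p.strip().lower() for p in args.split(","))
        elif d == "allow":
            allow.extend(t.lower() for t in tokens)
        elif d == "deny":
            deny.extend(t.lower() for t in tokens)
    return order, allow, deny


def is_allowed(client: str, text: str) -> bool:
    """Apply Apache 2.2 host-based access rules to a client address."""
    order, allow, deny = parse_access_block(text)
    allowed = any(_matches(client, s) for s in allow)
    denied = any(_matches(client, s) for s in deny)
    if order == ("deny", "allow"):
        # Deny evaluated first; a denied client is still let in if an Allow also
        # matches. Clients matching neither list are allowed by default.
        return allowed or not denied
    if order == ("allow", "deny"):
        # An Allow must match first, then any matching Deny rejects.
        # Clients matching neither list are denied by default.
        return allowed and not denied
    raise ValueError(f"unsupported Order: {','.join(order)}")


def audit(text: str, clients):
    """Verdict per client for one access block, for review before deploying it."""
    return {c: is_allowed(c, text) for c in clients}


# Constructed clients: the two permitted hosts, a LAN neighbour, and an outside address.
SAMPLE_CLIENTS = ["127.0.0.1", "192.168.0.90", "192.168.0.91", "203.0.113.7"]

if __name__ == "__main__":
    for name, block in (("deny,allow", PHPMYADMIN_BLOCK), ("allow,deny", FLIPPED_BLOCK)):
        print(f"Order {name}:")
        for client, ok in audit(block, SAMPLE_CLIENTS).items():
            print(f"  {client:>14} -> {'allowed' if ok else 'denied'}")
```

With the reply’s block only 127.0.0.1 and 192.168.0.90 pass; with the flipped order every client is denied, which is the symptom to look for when phpMyAdmin suddenly returns 403 for everyone. On Apache 2.4 the same intent is written with mod_authz_core as `Require ip 127.0.0.1 192.168.0.90` inside the `<Directory>` block, and the Order/Allow/Deny trio is only honoured when mod_access_compat is loaded.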


{Upgrade Yum} FC 10 to FC 11 Preview

May-4-2009 By WTF *Nix

Before I get into the instructions, let’s say I’m one pleased puppy on this new release…

This has to be the best Fedora Release yet! Normally I don’t reboot, but after seeing what happened to my last reboot here on my gateway server out of the house, it took literally 10-12 seconds till I was serving the web and my server was back online after rebooting fedora 2x after upgrading to F 11 Leonidas… This is what’s really going to be the winner for any *nix flavor Workstation that loves rebooting fast; read more of this here: 20SecondStartup

Oh and Python 2.6 finally??? :P Oh well I built it already and had my own RPM laying here, I’m just not looking forward to Python 3.0 quite yet… I wished Python would slow down some! Even though my bud loves the Python 3.0 which he’s a robot builder for a large firm in Japan.

Just like any other upgrade that you do with Yum, this is the easiest!

Keep up to date on their final release here:  Fedora’s Leonidas Final Release

This is for their Preview Release Core 11

yum update

yum clean all

yum clean all (Just to be sure)

yum update (Just to be sure)

yum clean all (Just to be sure)

i386:

rpm -Uvh http://mirrors.usc.edu/pub/linux/distributions/fedora/linux/releases/test/11-Preview/Fedora/i386/os/Packages/fedora-release-10.92-1.noarch.rpm http://mirrors.usc.edu/pub/linux/distributions/fedora/linux/releases/test/11-Preview/Fedora/i386/os/Packages/fedora-release-notes-10.93.0-1.fc11.noarch.rpm

x86_64:

rpm -Uvh http://mirrors.usc.edu/pub/linux/distributions/fedora/linux/releases/test/11-Preview/Fedora/x86_64/os/Packages/fedora-release-10.92-1.noarch.rpm http://mirrors.usc.edu/pub/linux/distributions/fedora/linux/releases/test/11-Preview/Fedora/x86_64/os/Packages/fedora-release-notes-10.93.0-1.fc11.noarch.rpm

yum -y update

You may need to do some housekeeping to remove some packages to work out a few dependency issues; however, mine was swift as I only build gateways and lite boxes separately: one for HTTP, one for MySQL, one for Qmail.

So remember, use GOOGLE to research your ERRs, or post them in here. I don’t guarantee to keep checking every hour; someone may come along like billy boy gates or steve balmer from M$ and they may know the answer ;)

All the love to the *nix world keep awkin on!


VIM Power Editor Commands :: Part I

Mar-23-2009 By WTF *Nix

If you are looking to have a list of commands to keep handy, figured I would share these here with others that need a starting point with VIM:

1. The cursor is moved using either the arrow keys or the hjkl keys.
h (left)    j (down)       k (up)        l (right)

2. To start Vim from the shell prompt type:  vim FILENAME <ENTER>

3. To exit Vim type:       <ESC>   :q!     <ENTER>  to trash all changes.

OR type:   <ESC>   :wq     <ENTER>  to save the changes.

4. To delete the character at the cursor type:  x

5. To insert or append text type:

i   type inserted text   <ESC>        insert before the cursor
A   type appended text   <ESC>         append after the line

NOTE: Pressing <ESC> will place you in Normal mode or will cancel an unwanted and partially completed command.

Here is VIM’s Part II
